AWS CloudWatch Audit

Audit your CloudWatch

What do we do?

AWS CloudWatch Events In Use

Ensure CloudWatch Events is in use to help you respond to operational changes within your AWS resources.

Addresses: Security, Reliability, Operational Maturity

AWS Config Changes Alarm

Ensure AWS Config configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

AWS Console Sign In Without MFA

Monitor for AWS Console sign-in requests made without MFA.

Addresses: Security

AWS Organizations Changes Alarm

Ensure AWS Organizations changes are being monitored using AWS CloudWatch alarms.

Addresses: Security

Authorization Failures Alarm

Ensure any unauthorized API calls made within your AWS account are being monitored using CloudWatch alarms.

Addresses: Security

CMK Disabled or Scheduled for Deletion Alarm

Ensure AWS CMK configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

CloudTrail Changes Alarm

Ensure all AWS CloudTrail configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Console Sign-in Failures Alarm

Ensure your AWS Console authentication process is being monitored using CloudWatch alarms.

Addresses: Security

EC2 Instance Changes Alarm

Ensure AWS EC2 instance changes are being monitored using CloudWatch alarms.

Addresses: Security

EC2 Large Instance Changes Alarm

Ensure AWS EC2 large instance changes are being monitored using CloudWatch alarms.

Addresses: Security

IAM Policy Changes Alarm

Ensure AWS IAM policy configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Internet Gateway Changes Alarm

Ensure AWS VPC Customer/Internet Gateway configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Network ACL Changes Alarm

Ensure AWS Network ACL configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Root Account Usage Alarm

Ensure root account usage is being monitored using CloudWatch alarms.

Addresses: Security

Route Table Changes Alarm

Ensure AWS route table configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

S3 Bucket Changes Alarm

Ensure AWS S3 bucket configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Security Group Changes Alarm

Ensure AWS security group configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

VPC Changes Alarm

Ensure AWS VPC configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Event Bus Exposed

Ensure that your AWS CloudWatch event bus is not exposed to everyone.

Addresses: Security

Event Bus Cross-Account Access

Ensure that AWS CloudWatch event buses do not allow unknown cross-account access for delivery of events.

Addresses: Security

Create CloudWatch Alarm for VPC Flow Logs Metric Filter

Ensure that a CloudWatch alarm is created for the VPC Flow Logs metric filter and an alarm action is configured.

Addresses: Security

Metric Filter for VPC Flow Logs CloudWatch Log Group

Ensure that a log metric filter is created for the CloudWatch log group assigned to the VPC Flow Logs.

Addresses: Security

